Question 6 of 221

HOTSPOT -

You have an Azure Active Directory Domain Services (Azure AD DS) domain.

You create a new user named Admin1.

You need Admin1 to deploy custom Group Policy settings to all the computers in the domain. The solution must use the principle of least privilege.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

    Correct Answer:

    Reference:

    https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy

    https://docs.microsoft.com/en-us/azure/active-directory-domain-services/create-ou

Question 7 of 221

DRAG DROP -

Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.

You plan to deploy a read-only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.

You need to recommend a deployment plan that meets the following requirements:

✑ Ensures that a user named User1 can perform the RODC installation on Server1

✑ Ensures that you can control the AD DS replication schedule to Server1

✑ Ensures that Server1 is in a new site named RemoteSite1

✑ Uses the principle of least privilege

Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

    Correct Answer:

    Box 1.

    We need to create a site and subnet for the remote site. The new site will be added to the Default IP Site Link so we don't need to create a new site link. You configure the replication schedule on the site link.

    Box 2.

    When we pre-create an RODC account, we can specify who is allowed to attach the server to the prestaged account. This means that User1 does not need to be added to the Domain Admins group.

    Box 3.

    User1 can connect the RODC to the prestaged account by running the AD DS installation wizard.

    Reference:

    https://mehic.se/2018/01/02/how-to-install-and-configure-read-only-domain-controller-rodc-2016/

Question 8 of 221

Your network contains an Active Directory Domain Services (AD DS) domain. The network also contains 20 domain controllers, 100 member servers, and 100 client computers.

You have a Group Policy Object (GPO) named GPO1 that contains Group Policy preferences.

You plan to link GPO1 to the domain.

You need to ensure that the preferences in GPO1 apply only to domain member servers and NOT to domain controllers or client computers. All the other Group Policy settings in GPO1 must apply to all the computers. The solution must minimize administrative effort.

Which type of item level targeting should you use?

    Correct Answer: C

    To ensure that the preference in GPO1 applies only to domain member servers and not to domain controllers or client computers, the best type of item-level targeting to use is Security Group targeting. By using Security Group targeting, you can create a security group that contains only the member servers and apply the preference specifically to that group. This method allows for granular and precise control over which computers the policy affects, regardless of their operating system, ensuring that only the intended member servers receive the policy while minimizing ongoing administrative effort.

Question 9 of 221

DRAG DROP -

You deploy a new Active Directory Domain Services (AD DS) forest named contoso.com. The domain contains three domain controllers named DC1, DC2, and DC3.

You rename Default-First-Site-Name as Site1.

You plan to ship DC1, DC2, and DC3 to datacenters in different locations.

You need to configure replication between DC1, DC2, and DC3 to meet the following requirements:

✑ Each domain controller must reside in its own Active Directory site.

✑ The replication schedule between each site must be controlled independently.

✑ Interruptions to replication must be minimized.

Which three actions should you perform in sequence in the Active Directory Sites and Services console? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

    Correct Answer:

Question 10 of 221

Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The root domain contains the domain controllers shown in the following table.

A failure of which domain controller will prevent you from creating application partitions?

    Correct Answer: A

    In an Active Directory Domain Services (AD DS) forest, the Domain Naming Master FSMO role is crucial for creating application partitions. The domain naming master is the only domain controller that can add or remove domains in the forest and handle cross-references to domains in external directories. It also manages new instances of application directory partitions. A failure of the domain controller holding this role (in this case, DC1) would prevent the creation of application partitions or any changes to the domain namespace. Therefore, a failure of DC1 will prevent the creation of application partitions.